package/openldap: security bump to version 2.4.56
author Francois Perrad <fperrad@gmail.com>
Tue, 22 Dec 2020 17:11:49 +0000 (18:11 +0100)
committer Peter Korsgaard <peter@korsgaard.com>
Wed, 23 Dec 2020 12:29:48 +0000 (13:29 +0100)
commit 09a565d9408f47e219972b0a71f3cbe0d801225c
tree ab5c1a8d043a7e48d66835e820cc46e8b7981577
parent 3bd72efdafd3b69d33f0c5e5770d6956e89c3b9c
package/openldap: security bump to version 2.4.56

Fixes the following security issue:

- CVE-2020-25692: A NULL pointer dereference was found in OpenLDAP server
  and was fixed in openldap 2.4.55, during a request for renaming RDNs.  An
  unauthenticated attacker could remotely crash the slapd process by sending
  a specially crafted request, causing a Denial of Service.

- CVE-2020-25709: Assertion failure in CSN normalization with invalid input

- CVE-2020-25710: Assertion failure in CSN normalization with invalid input

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
[Peter: add CVE info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/openldap/0001-fix_cross_strip.patch
package/openldap/0002-fix-bignum.patch
package/openldap/openldap.hash
package/openldap/openldap.mk